Commit graph

743 commits

Author SHA1 Message Date
Jouni Malinen
d9a27b0455 Fix SME to update WPA/RSN IE for rsn_supp module based on AssocReq
When using wpa_supplicant SME (i.e., using nl80211), the rsn_supp
module was not informed of the WPA/RSN IE that was used in
(Re)Association Request frame. This broke roaming between APs that
use different security policy (e.g., changing between WPA/TKIP and
WPA2/CCMP APs) or when using PMKSA caching.
2010-04-07 10:31:06 +03:00
Jouni Malinen
32d5295f9d Add a drop_sa command to allow 802.11w testing
This drops PTK and PMK without notifying the AP.
2010-03-29 15:42:04 -07:00
Jouni Malinen
e820cf952f MFP: Add MFPR flag into station RSN IE if 802.11w is mandatory 2010-03-29 10:48:01 -07:00
Jouni Malinen
e2f74005f5 bgscan: Add signal strength change events
This allows bgscan modules to use more information to decide on when
to perform background scans. bgscan_simple can now change between
short and long background scan intervals based on signal strength
and in addition, it can trigger immediate scans when the signal
strength is detected to be dropping.

bgscan_simple takes following parameters now:
short interval:signal strength threshold:long interval
For example:
	bgscan="simple:30:-45:300"
2010-03-28 15:32:34 -07:00
Jouni Malinen
b625473c6c Add driver command and event for signal strength monitoring 2010-03-28 15:31:04 -07:00
Jouni Malinen
b766a9a293 Add freq_list network configuration parameter
This can be used to limit which frequencies are considered when
selecting a BSS. This is somewhat similar to scan_freq, but will
also affect any scan results regardless of which program triggered
the scan.
2010-03-26 22:45:50 -07:00
Jouni Malinen
62c72d7299 FT: Process reassoc resp FT IEs when using wpa_supplicant SME 2010-03-13 21:13:18 +02:00
Jouni Malinen
2a7e7f4e4a FT: Add driver op for marking a STA authenticated
This can be used with FT-over-DS where FT Action frame exchange
triggers transition to State 2 (authenticated) without Authentication
frame exchange.
2010-03-13 18:28:15 +02:00
Jouni Malinen
fe1919856c FT: Update SME frequency info before sme_associate() call
This is needed to allow FT-over-DS to request correct channel for
the reassociation with the target AP.
2010-03-13 18:26:25 +02:00
Jouni Malinen
71024cb255 FT: Request reassociation after successful FT Action frame exchange 2010-03-13 17:14:41 +02:00
Jouni Malinen
a7918ec749 wpa_cli: Improved command parameter tab completion 2010-03-12 19:43:15 +02:00
Jouni Malinen
037f83eb44 wpa_cli: Fix detach race with forked monitor process
Need to kill the monitor process before running detach command on
the monitor connection to avoid race where the monitor process may
end up getting the detach command result.
2010-03-12 17:34:56 +02:00
Jouni Malinen
dd63f314bd wpa_cli: Redisplay readline edit after event messages 2010-03-12 17:24:50 +02:00
Jouni Malinen
036f7c4aab FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION
Previously, this was only done with userspace MLME (i.e., driver_test.c);
now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS)
for processing. The reassociation after successful FT Action frame
exchange is not yet implemented.
2010-03-12 00:43:00 +02:00
Jouni Malinen
a4652ce64c wpa_gui: Remove unneeded wpa_ctrl_request() msg_cb 2010-03-07 17:28:00 +02:00
Jouni Malinen
3234cba40e Remove unnecessary ifname parameter to sta_set_flags() driver op 2010-03-07 11:45:41 +02:00
Jouni Malinen
62847751e4 Remove unnecessary ifname parameter from sta_add() driver op 2010-03-07 11:42:41 +02:00
Jouni Malinen
17557ebe30 Remove forgotten ifname parameter from set_beacon() call 2010-03-07 10:04:35 +02:00
Felix Fietkau
4c32757d22 hostapd: add ifname to the sta_set_flags callback
This fixes multi-BSS STA operations (e.g., setting AUTHORIZED flag) with
nl80211-based drivers.
2010-03-06 20:44:31 +02:00
Jouni Malinen
23e2550c0e Remove unneeded CONFIG_EAP comments
These are not needed for WPS builds since CONFIG_WPS=y enables all
the needed EAP components.
2010-03-06 16:40:53 +02:00
Dmitry Shmidt
aa53509ffe Update priority list after priority change
Despite comments in the wpa_config_update_prio_list(struct wpa_config
*config) telling that it is called "if priority for a network is
changed", it is apparently not.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2010-03-06 11:13:50 +02:00
Kel Modderman
09bd6e8cca wpa_supplicant: fix FTBFS on Debian GNU/kFreeBSD
This patch allows wpa_supplicant to compile on Debian's kfreebsd
architectures.

Patch by Stefan Lippers-Hollmann based on work done by Petr Salinger
and Emmanuel Bouthenot for 0.6.X (http://bugs.debian.org/480572).
2010-03-06 10:16:47 +02:00
Jouni Malinen
3812464cda Add optional scan result filter based on SSID
filter_ssids=1 global configuration parameter can now be used to
enable scan result filtering (with -Dnl80211 only for now) based on
the configured SSIDs. In other words, only the scan results that have
an SSID matching with one of the configured networks are included in the
BSS table. This can be used to reduce memory needs in environments that
have huge number of APs.
2010-03-05 21:42:06 +02:00
Jouni Malinen
c9c38b0996 Make maximum BSS table size configurable
New global configuration parameter bss_max_count can now be used to
change the maximum BSS table size. The old fixed size limit (200) is
used as the default value for this parameter.
2010-03-05 20:20:09 +02:00
Jouni Malinen
ac26ebd8b5 Allow roam based on preferred BSSID regardless of signal strength 2010-02-28 11:09:58 +02:00
Jouni Malinen
36d1343a4b Do not inhibit suspend even if wpa_cli command fails
There is no point in inhibiting suspend in case wpa_supplicant is
not running and as such, return success unconditionally from this
script.
2010-02-27 20:03:13 +02:00
Jouni Malinen
207ef3fb12 Add suspend/resume notifications
wpa_supplicant can now be notified of suspend/resume events, e.g.,
from pm-action scripts. This allows wpa_supplicant to clear information
that may become invalid during a suspend operation.
2010-02-27 18:46:02 +02:00
Jouni Malinen
be8be6717d Clear current_bss pointer on disassociation/deauthentication
This is needed to allow the BSS table entry for the previously used
BSS to be removed. Now wpa_bss_in_use() can return 0 for the last BSS
that was used as soon as deauthentication/disassociation event has been
received.
2010-02-27 18:40:25 +02:00
Jouni Malinen
159dd3e28a Add more debug prints to make deauth/disassoc events clearer 2010-02-27 18:39:09 +02:00
Jouni Malinen
e824cc4648 Use os_snprintf instead of snprintf 2010-02-19 19:14:41 +02:00
Jouni Malinen
94d9bfd59b Rename EAP server source files to avoid duplicate names
This makes it easier to build both EAP peer and server functionality
into the same project with some toolchains.
2010-02-19 18:54:07 +02:00
Jouni Malinen
b7a2b0b68c Add alloc_interface_addr() drv op option for specifying ifname
Some drivers may need to use a specific ifname for the virtual
interface, so allow them to do this with a new parameter passed
to the alloc_interface_addr() handler.
2010-02-16 19:34:51 +02:00
Jouni Malinen
cbf7855883 wpa_cli: Add option to use child process to receive events
CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config can be used to
configure wpa_cli build to make a version of wpa_cli that forks
a child process to receive event messages. This allows the events
to be shown immediately instead of having to wait for the next
periodic poll with PING.
2010-02-14 16:14:20 +02:00
Jouni Malinen
4a3ade4e11 wpa_gui: Use separate ctrl_iface connection for event messages 2010-02-13 21:37:35 +02:00
Kel Modderman
aff5e54d4a wpa_gui-qt4: do not show WPS AP available event tray messages
Do not show WPS event tray messages as they can happen too frequently.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2010-02-13 14:03:18 +02:00
Jouni Malinen
00468b4650 Add TLS client events, server probing, and srv cert matching
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.

The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR

In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.

Authentication server probing can be done, e.g., with following
configuration options:
    eap=TTLS PEAP TLS
    identity=""
    ca_cert="probe://"

Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Server certificate matching is configured with ca_cert, e.g.:
    ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
2010-02-13 11:14:23 +02:00
Jouni Malinen
c5674000a3 wpa_gui-qt4: Stop BSS fetch loop on error for Peers dialog
There is no need to continue the loop until the 1000 max BSS limit
if a BSS command fails.
2010-01-24 18:42:45 -08:00
Jouni Malinen
48563d86b2 Try to avoid some unnecessary roaming
When multiple APs are present in scan results with similar signal
strength, wpa_supplicant may end up bounching between them frequently
whenever new scan results are available (e.g., due to periodic scans
requested by NetworkManager). This can result in unnecessary roaming
and in case of the current cfg80211 version, to frequent network
disconnections.

Do not request a roam if the current BSS is still present in the scan
results and the selected BSS is in the same ESS and has only a slighly
stronger signal strength.
2010-01-24 18:19:50 -08:00
Jouni Malinen
b85e772449 SME: Request a new scan if SME association command fails
This handles some error cases without getting stuck waiting for new
events from the driver if association command fails for any reason.
2010-01-24 18:09:36 -08:00
Jouni Malinen
dff0f701d0 Preparations for v0.7.1 release 2010-01-16 19:04:38 +02:00
Jouni Malinen
3e674c063c Update VS 2005 project files with new/removed source files 2010-01-16 18:49:17 +02:00
Witold Sowa
7899e2f42d dbus: Change WPA/RSNIE byte array props to dicts
Expose RSN and WPA properties for BSS objects containing information
about key management and cipher suites. Get rid of WPA/RSN/WPSIE
byte array properties and add IEs byte array property with all IE data
instead.
2010-01-16 16:37:37 +02:00
Jouni Malinen
8c0906542c Fetch IEs from both Beacon and Probe Response frames if available
This allows the driver wrappers to return two sets of IEs, so that
the BSS code can use information from both Beacon and Probe Response
frames if needed. For example, some Cisco APs seem to include more
information in Wireless Provisioning Services IE when it is in the
Beacon frame.
2010-01-16 16:11:05 +02:00
Jouni Malinen
af47308823 Add deinit_ap driver op to help wpa_supplicant AP mode use 2010-01-16 12:20:51 +02:00
Jouni Malinen
e882899981 Add BSSID to TX/RX Action frame driver ops
This meets better the needs for various Public Action frame use cases.
2010-01-16 12:16:20 +02:00
Jouni Malinen
a2e4f66edc Remove completed to-do item 2010-01-16 09:44:41 +02:00
Jouni Malinen
20766f2007 Make wpa_bss_get_max_rate() a bit more readable with a local variable 2010-01-10 22:53:36 +02:00
Jouni Malinen
a416fb47eb IBSS RSN: Explicitly check addr != NULL before passing it to memcmp
idx == 0 should be enough to make sure that the addr is set, but
verify that this is indeed the case to avoid any potential issues if
auth_set_key() gets called incorrectly.
2010-01-10 21:53:17 +02:00
Jouni Malinen
6f9b5d1696 IBSS RSN: Check explicitly that WPA auth sm assoc call succeeded
Verify that association processing did not end up freeing the state
machine. This should not really happen in practice, but better verify
it anyway.
2010-01-10 21:45:44 +02:00
Jouni Malinen
f337f0e950 Remove unnecessary bss != NULL checks from sme_authenticate()
This is already verified in the beginning of the function, so no need
to repeat that multiple times.
2010-01-10 21:31:54 +02:00